Affiliation:
1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China
Abstract
The Domain Name System (DNS) is a fundamental component of the internet, responsible for resolving domain names into IP addresses. DNS servers are typically categorized into four types: recursive resolvers, root name servers, Top-Level Domain (TLD) name servers, and authoritative name servers. The latter three types store actual records, while recursive resolvers store no real data and are only responsible for querying the other three types of servers and responding to clients. Recursive resolvers typically maintain a caching system to speed up response times, but these caching systems suffer from low real-time performance, poor accuracy, and many security and privacy issues. In this paper, we propose a caching system based on a consortium blockchain, namely DNS-BC, which uses the synchronization mechanism of the consortium blockchain to achieve high real-time performance, uses the immutability of the consortium blockchain together with a credibility management system we designed to achieve up to 100% accuracy, and is combined with encrypted transmission protocols to solve common security and privacy issues. At the same time, this caching system can greatly reduce the traffic that name servers need to handle, thereby protecting them from Denial-of-Service (DoS) attacks. To further increase data transmission speed, we have designed a new encrypted DNS protocol called DNS over KCP (DoK). The DoK protocol is based on the KCP protocol, a fast and reliable transmission protocol whose latency can reach one-third of that of TCP when the network environment deteriorates. In our experiments, the transmission time of this protocol is about a quarter of that of the widely used encrypted protocols DNS over TLS (DoT) and DNS over HTTPS (DoH).
Funder
Natural Science Basic Research Plan in Shaanxi Province of China
Subject
Electrical and Electronic Engineering, Biochemistry, Instrumentation, Atomic and Molecular Physics, and Optics, Analytical Chemistry
Cited by
2 articles.
1. Analyzing and Developing the Security of DNS-Based Authentication in Wireless Sensor Network;2023 3rd International Conference on Smart Generation Computing, Communication and Networking (SMART GENCON);2023-12-29
2. NPC: Network Packet Classification Using Machine Learning Methodologies for Preventing Cyberattacks;2023 International Conference on Research Methodologies in Knowledge Management, Artificial Intelligence and Telecommunication Engineering (RMKMATE);2023-11-01